Cylance revealed details of Operation Dust Storm

Finally after six years security researchers revealed details about the cyber-espionage campaign, Operation Dust Storm, that targeted organizations in almost every continent.

Security researchers from Cylance reported that the group  recently targeted  Japanese critical infrastructure, before them they attacked many Japanese private and public organizations, among which there are a reputable automaker, the local Japanese subsidiary of a well-known South Korean electric utility firm, and a company from the oil and gas industry.

Before shifting their focus to Japanese companies the group targeted many companies in  the US, South Korea, China, and many European countries.

First incidence of attack was observed in 2010 when they launched a series of attack on Adobe Flash Player (CVE-2011-0611) and Internet Explorer (CVE-2011-1255) to distribute the Misdat malware.

A year later the attackers attacked US agencies and the Uyghurs Chinese minority for the Libyan crisis and Muammar Gaddafi's death.

Attacks continued in 2012 but stopped towards the end of 2013, after Mandiant published a report on the activities of a Chinese-linked APT group codenamed APT1.

Operation Dust Storm came after a series of simple watering hole attacks via an Internet Explorer zero-day in 2014, it started shifting all its efforts on Japanese targets starting February 15.

"The campaign has made use of malware that is customized for particular target organizations," Cylance researchers explain. "Attacks have employed spear phishing, waterholes, unique back doors and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices."

Share this with Your friends: